EUVD-2015-7790

Malware in sbrugna...

Stack overflow

Stack-based buffer overflow in the m2m1shotcompatioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.bufout.numplanes value in an ioctl call...

CVE-2015-7892

CVE-2015-7892 affects the Samsung m2m1shot driver framework (Samsung Galaxy S6 Edge). A stack-based overflow in the m2m1shot_compat_ioctl32 function allows a local user to trigger an overflow via a large data.buf_out.num_planes in an ioctl. Exploitation was demonstrated publicly (see exploit-db 3...

CVE-2015-7889

CVE-2015-7889 affects the Samsung SecEmailComposer/EmailComposer on Galaxy S6 Edge prior to the October 2015 maintenance release. The vulnerability arises from weak permissions on the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service, allowing an unprivileged app with knowled...

CVE-2015-7888

CVE-2015-7888 affects Samsung Galaxy S6 Edge WifiHs20UtilityService. A directory traversal occurs when a cred.zip is placed under /sdcard/Download; the unzipping process can write files to arbitrary locations (e.g., /data/bundle) as the system user due to unverified file paths. Project Zero notes...

Samsung WifiHs20UtilityService

A path traversal vulnerability was found in the WifiHs20UtilityService. This service is running on a Samsung S6 Edge device, and may be present on other Samsung device models. WifiHs20UtilityService reads any files placed in /sdcard/Download/cred.zip, and unzips this file into /data/bundle...

Samsung Galaxy S6 and Galaxy S6 Edge — 8 Things You Should Know

A whole lot of things gone in the official kickoff of Mobile World Congress 2015, but a unique phone with a curved screen on both sides of the device acquired everybody’s attention. That’s what unveiled by Samsung late Sunday. Samsung has officially unveiled its next-generation flagship Smartphon...