9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
49.8%
The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly
other Android devices, when running an Exynos 4210 or 4412 processor, uses
weak permissions (0666) for /dev/exynos-mem, which allows attackers to read
or write arbitrary physical memory and gain privileges via a crafted
application, as demonstrated by ExynosAbuse.
Author | Note |
---|---|
jdstrand | android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels /dev/exynos-mem not used on reference devices |