Vulnerability Description
The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.
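A defender-side check for the permission weakness described above, as an added example that is not part of the original advisory: it reads `ls -l` lines captured from a device's /dev directory and flags character or block device nodes that are readable or writable by "other", as mode 0666 is. The function names and the sample listing (owners, device numbers, timestamps, and the nodes other than exynos-mem) are constructed for illustration.

```shell
#!/bin/sh
# Audit `ls -l` output for device nodes accessible to "other" users.

# Constructed sample listing; only the exynos-mem mode (0666) comes from the advisory.
SAMPLE='crw-rw-rw- root root 1, 14 2012-12-16 10:00 exynos-mem
crw------- root root 1, 1 2012-12-16 10:00 mem
crw-rw---- system graphics 29, 0 2012-12-16 10:00 fb0'

# Classify one `ls -l` line. Prints "WEAK <name> <mode>", "OK <name> <mode>",
# or "SKIP" when the line does not describe a character/block device node.
classify_ls_line() {
    line=$1
    mode=${line%% *}     # first field, e.g. crw-rw-rw-
    name=${line##* }     # last field, e.g. exynos-mem
    case $mode in
        [cb]?????????*) ;;               # device node with a full mode string
        *) echo "SKIP"; return 0 ;;
    esac
    # Characters 8-9 of the mode string are other-read and other-write.
    other=$(printf '%s' "$mode" | cut -c8-9)
    case $other in
        --) echo "OK $name $mode" ;;
        *)  echo "WEAK $name $mode" ;;
    esac
}

# Read a listing on stdin, print every weak node, and return non-zero
# if at least one was found.
audit_listing() {
    found=0
    while IFS= read -r line; do
        result=$(classify_ls_line "$line")
        case $result in
            WEAK*) echo "$result"; found=1 ;;
        esac
    done
    [ "$found" -eq 0 ]
}

# Demo on the constructed listing.
printf '%s\n' "$SAMPLE" | audit_listing || echo "world-accessible device node(s) found"
```

On a real device the input would be a captured listing of /dev rather than the constructed sample.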
CVSS Score
9.3 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Meizu | Mx | - |
| Samsung | Galaxy Note 2 | - |
| Samsung | Galaxy S2 | - |
Related Weaknesses (CWE)
References
- http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerabilit
- http://forum.xda-developers.com/showthread.php?p=35469999 (Exploit)
- http://forum.xda-developers.com/showthread.php?t=2051290
- http://osvdb.org/88467
- http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerab
- http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-device
- http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices
FAQ
What is CVE-2012-6422?
CVE-2012-6422 is a vulnerability with a CVSS score of 9.3 (HIGH). The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which all...
How severe is CVE-2012-6422?
CVE-2012-6422 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-6422?
Check the references section above for vendor advisories and patch information. Affected products include: Meizu Mx, Samsung Galaxy Note 2, Samsung Galaxy S2.