CVE-2016-4038 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have unspecified impact via the gpio_config.gpio_name value.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Samsung	Samsung Mobile	4.4
Samsung	Apq8084	-
Samsung	Msm8974	-
Samsung	Msm8974Pro	-

Related Weaknesses (CWE)

CWE-20

References

http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/04/17/2Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2016/04/18/8Mailing ListThird Party Advisory
http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/04/17/2Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2016/04/18/8Mailing ListThird Party Advisory

FAQ

What is CVE-2016-4038?

CVE-2016-4038 is a vulnerability with a CVSS score of 7.8 (HIGH). Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L a...

How severe is CVE-2016-4038?

CVE-2016-4038 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-4038?

Check the references section above for vendor advisories and patch information. Affected products include: Samsung Samsung Mobile, Samsung Apq8084, Samsung Msm8974, Samsung Msm8974Pro.