CVE-2018-14856

Опубликовано: 17 дек. 2018

Источник: nvd

CVSS3: 6.3

CVSS2: 5.8

EPSS Низкий

Описание

Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker (who has obtained code execution on the Wi-Fi) chip to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785.

Ссылки

https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14854_CVE-2018-14855_CVE-2018-14856.md
Exploit
Third Party Advisory
https://people.cs.kuleuven.be/~stijn.volckaert/papers/2019_NDSS_PeriScope.pdf
Exploit
Third Party Advisory
https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14854_CVE-2018-14855_CVE-2018-14856.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:samsung:galaxy_s6_firmware:g920fxxu5eqh7:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00154

Низкий

6.3 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-5239-56w9-hx7j