CVE-2015-7892
Last modified
CVE-2015-7892 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call.. EPSS estimates a 1.35% chance of exploitation in the next 30 days.
Description
Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Samsung | M2m1shot Driver | All versions |
References
- http://packetstormsecurity.com/files/134108/Samsung-M2m1shot-Kernel-Driver-Buffer-Overflow.htmlExploit, Third Party Advisory, VDB Entry
- https://code.google.com/p/google-security-research/issues/detail?id=493Exploit, Third Party Advisory
- https://www.exploit-db.com/exploits/38555/Exploit, Third Party Advisory, VDB Entry
- http://packetstormsecurity.com/files/134108/Samsung-M2m1shot-Kernel-Driver-Buffer-Overflow.htmlExploit, Third Party Advisory, VDB Entry
- https://code.google.com/p/google-security-research/issues/detail?id=493Exploit, Third Party Advisory
- https://www.exploit-db.com/exploits/38555/Exploit, Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-7892?
How severe is CVE-2015-7892?
How do I fix CVE-2015-7892?
Are you affected by CVE-2015-7892?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST