CVE-2018-16268: The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus secu...

Description

The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Metrics

CVSS 3.1

4.3/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS Probability

0.52%

40.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-269

Affected Software

Vendor	Product	Versions	Update
Linux	Tizen	1.0	—
Linux	Tizen	2.0	—
Linux	Tizen	2.1	—
Linux	Tizen	2.2	—
Linux	Tizen	2.2.1	—
Linux	Tizen	2.3	—
Linux	Tizen	2.3.1	—
Linux	Tizen	2.4	—
Linux	Tizen	3.0	—
Linux	Tizen	4.0	M1
Linux	Tizen	5.0	—

References

Timeline

Published: Jan 22, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-16268?

The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

How severe is CVE-2018-16268?

CVE-2018-16268 has a CVSS score of 4.3/10 (MEDIUM severity). The EPSS model estimates a 0.52% probability of exploitation in the next 30 days.

How do I fix CVE-2018-16268?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.