Samsung Exynos chip kernel device/dev/exynos-mem Local Privilege Escalation Vulnerability

Release date:
Updated on:

Affected Systems:
Samsung Galaxy S2
Samsung Galxy Note 2
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56955

Exynos is the ARM-based Processor brand of South Korea's Samsung Electronics.

Samsung Exynos has a security vulnerability in the kernel device/dev/exynos-mem. This device allows all users to read and write all the physical memory, causing attackers to obtain the root access permission of the system. /Dev/exynos-mem is used for graphics processing, such as camera, graphics memory allocation, and hdmi. Multiple devices are affected: Samsung Galaxy S2, Samsung Galxy Note 2, meizu mx, and all devices with exynos processors (4210 and 4412. Three databases use/dev/exynos-mem:

/System/lib/hw/camera. smdk4x12. so
/System/lib/hw/gralloc. smdk4x12. so
/System/lib/libhdmi. so

<* Source: alephzain

Link: http://forum.xda-developers.com/showthread.php? P = 35469999 # post35469999
Http://www.theregister.co.uk/2012/12/17/samsung_exynos_flaw/
Http://www.solidot.org/story? Sid = 1, 32722
*>

Suggestion:
--------------------------------------------------------------------------------
Temporary solution:

If you cannot install or upgrade the patch immediately, NSFOCUS recommends that you take the following measures to reduce the threat:

* Set the permission to 0660 or 0600 in ueventd. smdk4x12. rc.

Vendor patch:

Samsung
-------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://www.samsung.com/