Code injection

2018-01-0406:29:00

PRIOn knowledge base

www.prio-n.com

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.5%

JSON

On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598.

CPENameOperatorVersion
samsung_mobileeq7.1
samsung_mobileeq6.0.1
samsung_mobileeq5.1
samsung_mobileeq5.1.1
samsung_mobileeq7.1.2
samsung_mobileeq6.0
samsung_mobileeq5.0
samsung_mobileeq7.1.1
samsung_mobileeq7.0

Name	Operator	Version
samsung_mobile	eq	7.1
samsung_mobile	eq	6.0.1
samsung_mobile	eq	5.1
samsung_mobile	eq	5.1.1
samsung_mobile	eq	7.1.2
samsung_mobile	eq	6.0
samsung_mobile	eq	5.0
samsung_mobile	eq	7.1.1
samsung_mobile	eq	7.0

References

security.samsungmobile.com/securityUpdate.smsb