CVE-2018-14852 - OpenCVE

Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause invalid accesses to operating system memory due to improper validation of the network interface index provided by the Wi-Fi chip's firmware.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Samsung	Galaxy S6 Galaxy S6 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:samsung:galaxy_s6_firmware:g920fxxu5eqh7:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14852.md
https://people.cs.kuleuven.be/~stijn.volckaert/papers/2019_NDSS_PeriScope.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-12-17T18:00:00

Updated: 2024-08-05T09:38:14.074Z

Reserved: 2018-08-02T00:00:00

Link: CVE-2018-14852

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-12-17T19:29:00.330

Modified: 2019-01-08T15:05:44.747

Link: CVE-2018-14852

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-12-07T00:00:00", "descriptions": [{"lang": "en", "value": "Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause invalid accesses to operating system memory due to improper validation of the network interface index provided by the Wi-Fi chip's firmware."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-17T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14852.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14852", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause invalid accesses to operating system memory due to improper validation of the network interface index provided by the Wi-Fi chip's firmware."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14852.md", "refsource": "MISC", "url": "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14852.md"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:38:14.074Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14852.md"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14852", "datePublished": "2018-12-17T18:00:00", "dateReserved": "2018-08-02T00:00:00", "dateUpdated": "2024-08-05T09:38:14.074Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:galaxy_s6_firmware:g920fxxu5eqh7:*:*:*:*:*:*:*", "matchCriteriaId": "AF74385F-4A92-4925-8C16-B23422A35E0E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9C84354-75A3-4E55-A2D0-C0783AF36B37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause invalid accesses to operating system memory due to improper validation of the network interface index provided by the Wi-Fi chip's firmware."}, {"lang": "es", "value": "Acceso al array fuera de l\u00edmites en dhd_rx_frame en drivers/net/wireless/bcmdhd4358/dhd_linux.c en el controlador Wi-Fi bcmdhd4358 en Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 permite que un atacante (que ha obtenido c\u00f3digo de ejecuci\u00f3n en el chip Wi-Fi) provoque accesos inv\u00e1lidos a la memoria del sistema operativo debido a la validaci\u00f3n incorrecta del \u00edndice de la interfaz de red proporcionada por el firmware del chip Wi-Fi."}], "id": "CVE-2018-14852", "lastModified": "2019-01-08T15:05:44.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-17T19:29:00.330", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14852.md"}, {"source": "nvd@nist.gov", "tags": ["Exploit", "Third Party Advisory"], "url": "https://people.cs.kuleuven.be/~stijn.volckaert/papers/2019_NDSS_PeriScope.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}