Skip to main content

Samsung Mobile CVE-2017-5351

HIGH
Uncontrolled Resource Consumption (CWE-400)
2017-01-12 cve@mitre.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jan 12, 2017 - 06:59 cve.org
HIGH 7.5

DescriptionCVE.org

Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650.

AnalysisAI

Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650. Affected products include: Samsung Samsung Mobile.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.

CVE-2015-7896 MEDIUM POC
6.5 Aug 24

LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memor

CVE-2015-7891 HIGH POC
7.0 Aug 02

Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with A

CVE-2017-5538 CRITICAL
9.8 Mar 23

The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) an

CVE-2016-9967 CRITICAL
9.8 Dec 16

Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5

CVE-2016-9966 CRITICAL
9.8 Dec 16

Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5

CVE-2016-9965 CRITICAL
9.8 Dec 16

Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5

CVE-2018-9143 CRITICAL
9.8 Mar 30

On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code

CVE-2018-9139 CRITICAL
9.8 Mar 30

On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privi

CVE-2015-7895 MEDIUM POC
5.5 Jun 27

Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). Rated medium s

CVE-2015-7898 MEDIUM POC
5.5 Jun 27

Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). Rated medium s

CVE-2018-10751 MEDIUM POC
5.3 May 29

A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Ex

CVE-2018-5210 HIGH
8.1 Jan 04

On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow atta

Share

CVE-2017-5351 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy