Details of VAR-202002-1716

ID

VAR-202002-1716

TITLE

(Pwn2Own) Samsung Galaxy S10 FileWriter Use-After-Free Sandbox Escape Vulnerability

Trust: 0.7

sources: ZDI: ZDI-20-254

DESCRIPTION

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Galaxy S10. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of arrays in FileWriterImpl::Write. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and escape the Chromium sandbox.

Trust: 0.7

sources: ZDI: ZDI-20-254

AFFECTED PRODUCTS

vendor:

samsung

model:

galaxy s10

scope:

version:

Trust: 0.7

sources: ZDI: ZDI-20-254

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	ZDI-20-254
value:	HIGH
Trust: 0.7

ZDI:	ZDI-20-254
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-20-254

EXTERNAL IDS

db:	ZDI_CAN	id:	ZDI-CAN-9655	Trust: 0.7
db:	ZDI	id:	ZDI-20-254	Trust: 0.7

sources: ZDI: ZDI-20-254

CREDITS

Pedro Ribeiro (pedrib@gmail.com) and Radek Domanski (radek.domanski@gmail.com)

Trust: 0.7

sources: ZDI: ZDI-20-254

SOURCES

db:

ZDI

id:

ZDI-20-254

LAST UPDATE DATE

2022-05-17T01:55:44.323000+00:00

SOURCES UPDATE DATE

db:

ZDI

id:

ZDI-20-254

date:

2020-02-21T00:00:00

SOURCES RELEASE DATE

db:

ZDI

id:

ZDI-20-254

date:

2020-02-20T00:00:00