Details of VAR-202002-1717

ID

VAR-202002-1717

TITLE

(Pwn2Own) Samsung Galaxy S10 IndexedDB Use-After-Free Sandbox Escape Vulnerability

Trust: 0.7

sources: ZDI: ZDI-20-256

DESCRIPTION

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Galaxy S10. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the IndexedDBDatabase::Close method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and escape the Chromium sandbox.

Trust: 0.7

sources: ZDI: ZDI-20-256

AFFECTED PRODUCTS

vendor:

samsung

model:

galaxy s10

scope:

version:

Trust: 0.7

sources: ZDI: ZDI-20-256

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	ZDI-20-256
value:	HIGH
Trust: 0.7

ZDI:	ZDI-20-256
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-20-256

EXTERNAL IDS

db:	ZDI_CAN	id:	ZDI-CAN-9666	Trust: 0.7
db:	ZDI	id:	ZDI-20-256	Trust: 0.7

sources: ZDI: ZDI-20-256

CREDITS

@fluoroacetate

Trust: 0.7

sources: ZDI: ZDI-20-256

SOURCES

db:

ZDI

id:

ZDI-20-256

LAST UPDATE DATE

2022-05-17T02:08:54.451000+00:00

SOURCES UPDATE DATE

db:

ZDI

id:

ZDI-20-256

date:

2020-02-21T00:00:00

SOURCES RELEASE DATE

db:

ZDI

id:

ZDI-20-256

date:

2020-02-20T00:00:00