Vulnerabilities > CVE-2016-7989 - 7PK - Security Features vulnerability in Google Android

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

google

CWE-254

NVD

Published: 2016-10-31

Updated: 2016-12-02

Summary

On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually crash, rendering the device unusable until a factory reset is performed, a subset of SVE-2016-6542.

Vulnerable Configurations

Part	Description	Count
OS	Google Google Android 4.2.2 Google Android 4.3 Google Android 4.3.1 Google Android 4.4 Google Android 4.4.1 Google Android 4.4.2 Google Android 4.4.3 Google Android 4.4.4 Google Android 5.0 Google Android 5.0.1 Google Android 5.0.2 Google Android 5.1 Google Android 5.1.0 Google Android 5.1.1 Google Android 6.0 Google Android 6.0.1	16
Hardware	Samsung Samsung Galaxy S4 - Samsung Galaxy S4 Mini - Samsung Galaxy S5 - Samsung Galaxy S6 - Samsung Galaxy S7 -	5

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References