Vulnerabilities > CVE-2018-14853 - NULL Pointer Dereference vulnerability in Samsung Galaxy S6 Firmware G920Fxxu5Eqh7

CVSS 4.3 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

low complexity

samsung

CWE-476

NVD

Published: 2018-12-17

Updated: 2019-01-08

Summary

A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/net/wireless/bcmdhd4358/dhd_msgbuf.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device to reboot. The Samsung ID is SVE-2018-11783.

Vulnerable Configurations

Part	Description	Count
OS	Samsung Samsung Galaxy S6 Firmware G920Fxxu5Eqh7	1
Hardware	Samsung Samsung Galaxy S6 -	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14853.md
https://people.cs.kuleuven.be/~stijn.volckaert/papers/2019_NDSS_PeriScope.pdf