An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. An invalid kernel address dereference in the issimian device driver leads to a denial of service.
Weakness
The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Exynos_1330_firmware | Samsung | - (including) | - (including) |
Extended Description
An attacker can supply a pointer for memory locations that the product is not expecting. If the pointer is dereferenced for a write operation, the attack might allow modification of critical state variables, cause a crash, or execute code. If the dereferencing operation is for a read, then the attack might allow reading of sensitive data, cause a crash, or set a variable to an unexpected value (since the value will be read from an unexpected memory location). There are several variants of this weakness, including but not necessarily limited to: