Vulnerability Details CVE-2018-14855
Buffer overflow in dhd_bus_flow_ring_flush_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 allow an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.3%
CVSS Severity
CVSS v3 Score 6.3
CVSS v2 Score 5.8
References
- https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14854_CVE-2018-14855_CVE-2018-14856.md
- https://people.cs.kuleuven.be/~stijn.volckaert/papers/2019_NDSS_PeriScope.pdf
- https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14854_CVE-2018-14855_CVE-2018-14856.md
Products affected by CVE-2018-14855
-
cpe:2.3:h:samsung:galaxy_s6:-
-
cpe:2.3:o:samsung:galaxy_s6_firmware:g920fxxu5eqh7