Stack-Based Buffer Overflow in Amazon Fire OS
CVE-2015-7292

9.8CRITICAL

Key Information:

Vendor: Amazon
Status: Amazon Fire Os Before 2016-01-15
Vendor: CVE Published:; 10 April 2017

What is CVE-2015-7292?

A stack-based buffer overflow vulnerability exists in the havok_write function of Amazon Fire OS prior to January 15, 2016. This flaw can be triggered by providing a long string to /dev/hv, potentially leading to a denial of service through system panic and the possibility of other unspecified impacts. Proper handling of input data is crucial to prevent exploitation of this vulnerability.

Affected Version(s)

Amazon Fire OS before 2016-01-15 Amazon Fire OS before 2016-01-15

References

https://marcograss.github.io/security/android/cve/2016/01...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2017
Vulnerability Reserved
Sep 18, 2015