Improper D-Bus Security Configuration in Tizen by Samsung

CVE-2018-16267

What is CVE-2018-16267?

The system-popup service in Tizen enables unprivileged processes to execute certain system commands, such as triggering the poweroff menu and displaying popups with customized text, due to incorrect D-Bus security policy configurations. This vulnerability impacts Tizen versions prior to 5.0 M1 and Tizen-based devices including several models in the Samsung Galaxy Gear series, rendering them susceptible to unauthorized system actions.

References