Improper D-Bus Security in Tizen Affects Samsung Devices
CVE-2018-16268

4.3MEDIUM

Key Information:

Vendor

Linux
Status
Tizen
Vendor
CVE Published:
22 January 2020

What is CVE-2018-16268?

The SoundServer/FocusServer system services in Tizen OS have a vulnerability that allows unprivileged processes to execute media-related commands due to misconfigured D-Bus security policies. This weakness permits unauthorized playback of sound files or DTMF tones, potentially compromising device functionality and user experience. Affected versions include Tizen OS prior to 5.0 M1 and certain Samsung Galaxy Gear models before build RE2, exposing users to security risks.

References

https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20...
x_refsource_MISC
https://review.tizen.org/git/?p=platform/core/multimedia/...
x_refsource_MISC
https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be
x_refsource_MISC

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.