CVE-2015-7891

HIGH

Samsung Graphics 2D driver - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-7891. PoCs published by Google Security Research.

AI-analyzed exploit summary The exploit demonstrates a race condition in the Samsung Graphics 2D driver's ioctl implementation due to improper locking, leading to potential use-after-free vulnerabilities. The PoC involves concurrent ioctl calls from forked processes to trigger the condition.

Description

Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosandroid

https://www.exploit-db.com/exploits/38557

View Code ZIP pw:eip

The exploit demonstrates a race condition in the Samsung Graphics 2D driver's ioctl implementation due to improper locking, leading to potential use-after-free vulnerabilities. The PoC involves concurrent ioctl calls from forked processes to trigger the condition.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Racy

Target: Samsung Graphics 2D driver (fimg2d)

No auth needed

Prerequisites: Access to /dev/fimg2d · Ability to fork processes

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/77335

Issue Tracking, Third Party Advisory x_refsource_misc

https://bugs.chromium.org/p/project-zero/issues/detail?id=492

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/38557/

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/134107/Samsung-Fimg2d-FIMG2D_BITBLT_BLIT-Ioctl-Concurrency-Flaw.html

Vendor Advisory x_refsource_confirm

http://security.samsungmobile.com/smrupdate.html#SMR-OCT-2015

Scores

CVSS v3 7.0

EPSS 0.0067

EPSS Percentile 47.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-362

Status published

Products (2)

samsung/samsung_mobile 5.0

samsung/samsung_mobile 5.1

Published Aug 02, 2017

Tracked Since Feb 18, 2026