PatchSiren

CVE-2016-9279 Samsung CVE debrief

CVE-2016-9279 covers a use-after-free flaw in Samsung’s Exynos fimg2d driver for Android on Exynos 5433, 54xx, and 7420 chipsets. According to NVD, the issue can let an attacker obtain sensitive information, and the record maps it to CWE-416 with network-accessible, no-user-interaction characteristics in the CVSS vector. Samsung’s advisory and the referenced OSS-security posts place the issue in the November 2016 disclosure window, while the CVE was published by NVD on 2017-01-18. The vulnerability is not listed as a Known Exploited Vulnerability in the supplied data, but it is still high priority for any fleet that includes the affected Samsung Android devices.

Vendor: Samsung
Product: CVE-2016-9279
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-18
Original CVE updated: 2026-05-13
Advisory published: 2017-01-18
Advisory updated: 2026-05-13

Who should care

Security, mobile-device-management, and patch-management teams responsible for Samsung Android devices using Exynos 5433, 54xx, or 7420 chipsets; also incident responders and asset owners tracking platform-level memory-corruption issues.

Technical summary

NVD describes the bug as a use-after-free in the Samsung Exynos fimg2d driver. The stated impact is unauthorized access to sensitive information via unspecified vectors. The NVD record assigns CWE-416 and CVSS 3.0 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. As recorded, that vector means a network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, and a high confidentiality impact with no integrity or availability impact.

Defensive priority

High. The CVSS score is 7.5, the issue is remotely reachable with no privileges or user interaction in the published vector, and it affects a platform-level Android graphics driver. Prioritize remediation on any in-scope Samsung Exynos devices even though it is not marked KEV in the supplied data.

Recommended defensive actions

  • Inventory Samsung Android devices that use Exynos 5433, 54xx, or 7420 chipsets.
  • Apply the Samsung security update referenced in the vendor advisory for the November 2016 SMR release.
  • Verify device security patch levels and confirm the fimg2d-related fix is present before returning devices to normal use.
  • If immediate patching is not possible, reduce exposure by limiting use of higher-risk devices for sensitive workflows until updated.
  • Track the vendor advisory and NVD record for any clarifications or additional affected versions.

Evidence notes

Supported by the NVD record and its references: the vulnerability is described as a use-after-free in Samsung’s Exynos fimg2d driver for Android, affecting Exynos 5433, 54xx, and 7420 chipsets, with the stated consequence of obtaining sensitive information. NVD maps the weakness to CWE-416 and publishes CVSS 3.0 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The record links to Samsung’s SMR-NOV-2016 advisory and OSS-security posts from 2016-11-09 and 2016-11-11. No exploit code or unsupported mitigation details are included here.

Official resources

Publicly disclosed through Samsung’s November 2016 advisory materials and referenced OSS-security posts; the NVD CVE entry was published on 2017-01-18. The supplied record was last modified by NVD on 2026-05-13, which is record maintenance,