Integer Overflow Vulnerability in Samsung Exynos Mobile Processors
CVE-2023-40218

2LOW

Key Information:

Vendor: Samsung
Status: Exynos 9820 Firmware
Vendor: CVE Published:; 12 September 2023

What is CVE-2023-40218?

An integer overflow vulnerability exists within the NPU kernel driver of Samsung's Exynos Mobile Processor series. This flaw can allow malicious applications to bypass standard error detection mechanisms, potentially leading to unauthorized access or exploitation of affected devices. The vulnerability affects multiple versions of Exynos processors, including 9820, 980, 2100, 2200, 1280, and 1380, posing significant security concerns for users relying on these systems.

References

https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Aug 10, 2023