Samsung Internet Vulnerability Allows Local Attackers to Execute Arbitrary Code
CVE-2024-20838

7.8HIGH

Key Information:

Vendor: Samsung
Status: Samsung Internet
Vendor: CVE Published:; 5 March 2024

Summary

An improper validation vulnerability exists in Samsung Internet that may allow local attackers to execute arbitrary code. This exploit affects all versions prior to 24.0.3.2, potentially compromising user data and device integrity. Users are advised to upgrade to the latest version to protect against this vulnerability.

Affected Version(s)

Samsung Internet 24.0.3.2

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 5, 2024
Vulnerability Reserved
Dec 5, 2023