Exynos Processors Vulnerable to Heap Over-Read Due to Lack of Input Validation
CVE-2024-27364

5.5MEDIUM

Key Information:

Vendor

Samsung
Status
Exynos 980 Firmware
Vendor
CVE Published:
9 September 2024

What is CVE-2024-27364?

An issue was discovered in Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_roamed_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.

References

https://semiconductor.samsung.com/support/quality-support...
https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.