Exynos Processors Vulnerable to Heap Over-Read Due to Lack of Input Validation
CVE-2024-27364

5.5MEDIUM

Key Information:

Vendor: Samsung
Status: Exynos 980 Firmware
Vendor: CVE Published:; 9 September 2024

What is CVE-2024-27364?

An issue was discovered in Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_roamed_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.

References

https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2024
Vulnerability Reserved
Feb 25, 2024

Samsung

What is CVE-2024-27364?

References

CVSS V3.1

Timeline