Input Validation Flaw in Samsung Exynos Wearable Processors
CVE-2024-27367

5.5 MEDIUM

Key Information:

Vendor: Samsung
CVE Published: 9 September 2024

What is CVE-2024-27367?

An input validation issue has been identified in various Samsung Exynos Wearable Processors, including Exynos 980, 850, 1080, 1280, 1380, 1330, 1480, W920, and W930. The flaw is in the slsi_rx_scan_ind() function, which does not properly validate a user-supplied data length. The unchecked length can result in an integer overflow, potentially leading to a heap over-read that exposes sensitive data and increases the risk of exploitation.
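The bug class described above (a length check defeated by integer wraparound), shown as an added example that is not Samsung's driver code. The header layout, field widths and function names are assumptions made up for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed message header (assumption, not the Exynos driver's format):
 * the sender states where a payload starts and how long it is. */
struct msg_hdr {
    uint16_t payload_off;   /* sender-controlled */
    uint16_t payload_len;   /* sender-controlled */
};

/* Flawed check: the sum is truncated to 16 bits, so a large length wraps
 * around and the computed end looks smaller than the buffer size. */
bool range_ok_flawed(const struct msg_hdr *h, size_t buf_len)
{
    uint16_t end = (uint16_t)(h->payload_off + h->payload_len);
    return end <= buf_len;
}

/* Hardened check: validate each field against what remains in the buffer
 * and never add sender-controlled values before they are bounded. */
bool range_ok_checked(const struct msg_hdr *h, size_t buf_len)
{
    if (h->payload_off > buf_len)
        return false;
    return h->payload_len <= buf_len - h->payload_off;
}

/* Bytes a reader would touch past the end of the buffer if it trusted
 * the header as-is; 0 means the read stays in bounds. */
size_t overread_bytes(const struct msg_hdr *h, size_t buf_len)
{
    size_t end = (size_t)h->payload_off + h->payload_len;
    return end > buf_len ? end - buf_len : 0;
}

int main(void)
{
    struct msg_hdr bad = { 16, 0xFFF8 };   /* constructed sample input */
    size_t buf_len = 64;

    printf("flawed check accepts:  %d\n", range_ok_flawed(&bad, buf_len));
    printf("checked check accepts: %d\n", range_ok_checked(&bad, buf_len));
    printf("bytes past buffer:     %zu\n", overread_bytes(&bad, buf_len));
    return 0;
}
```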

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
