Input Validation Flaw in Samsung Exynos Wearable Processors
CVE-2024-27367
5.5 MEDIUM
Summary
An input validation issue has been identified in various Samsung Exynos Wearable Processors, including Exynos 980, 850, 1080, 1280, 1380, 1330, 1480, W920, and W930. The flaw exists in the slsi_rx_scan_ind() function, where the length of user-supplied data is not properly validated. This oversight can result in an integer overflow, potentially leading to a heap over-read that exposes sensitive data and increases the risk of exploitation.
References
CVSS V3.1
Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved