Input Validation Flaw in Samsung Exynos Wearable Processors
CVE-2024-27367
5.5MEDIUM
What is CVE-2024-27367?
An input validation issue has been identified in various Samsung Exynos Wearable Processors, including Exynos 980, 850, 1080, 1280, 1380, 1330, 1480, W920, and W930. The flaw exists in the slsi_rx_scan_ind() function, where user-supplied data length is not properly validated. This oversight can result in an integer overflow, potentially leading to a heap over-read situation, exposing sensitive data and increasing the risk for exploitation.