Input Validation Vulnerability in Samsung Mobile Processors
CVE-2024-27371

6.7MEDIUM

Key Information:

Vendor: Samsung
Status: Exynos 980 Firmware
Vendor: CVE Published:; 5 June 2024

What is CVE-2024-27371?

A security issue in specific Samsung Exynos mobile processors has been identified, where the function slsi_nan_followup_get_nl_params() does not perform adequate input validation on the service_specific_info_len parameter sourced from userspace. This lack of validation may result in a heap overwrite, potentially allowing attackers to execute arbitrary code or escalate privileges. The affected processors include Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330, necessitating prompt attention to mitigate risks.

References

https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2024