Heap Overwrite Vulnerability in Samsung Exynos Mobile Processors
CVE-2024-27372

6.7MEDIUM

Key Information:

Vendor: Samsung
Status: Exynos 980 Firmware
Vendor: CVE Published:; 5 June 2024

What is CVE-2024-27372?

A vulnerability has been identified in Samsung's Exynos mobile processors, specifically affecting the Exynos 980, 850, 1280, 1380, and 1330. The issue arises in the slsi_nan_config_get_nl_params() function, where an absence of input validation checks on the incoming variable disc_attr->infrastructure_ssid_len from user space can lead to improper handling of memory allocation. This oversight may allow for heap overflow exploitation, potentially compromising system integrity and security. Users and developers are advised to review Samsung's security updates for necessary mitigations.

References

https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2024