Heap Overwrite Vulnerability in Samsung Exynos Mobile Processors
CVE-2024-27373

7.8 HIGH

Key Information:

Vendor: Samsung
CVE Published: 5 June 2024

Summary

A security issue has been identified in several Samsung Exynos mobile processors: Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. The vulnerability resides in the function slsi_nan_config_get_nl_params(), where the user-supplied disc_attr->mesh_id_len parameter is not validated, which can result in a heap overwrite. The flaw underscores the need to validate user input properly in mobile processing units.
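The following user-space C example is added here for illustration and is not Samsung's driver code. It models the kind of check the summary says is missing: a caller-supplied mesh_id_len is validated against the destination buffer and against the bytes actually supplied before anything is copied. The struct layout, the 32-byte MESH_ID_MAX, the attribute type numbers and the type/length/value framing are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MESH_ID_MAX 32  /* assumed capacity, not taken from the advisory */

/* Hypothetical stand-in for the heap object the parser fills in. */
struct disc_attr {
    uint16_t mesh_id_len;
    uint8_t  mesh_id[MESH_ID_MAX];
};
enum { ATTR_MESH_ID_LEN = 1, ATTR_MESH_ID = 2 };  /* constructed type numbers */

/* Parse constructed TLVs: type(1) len(1) value(len). 0 = accepted, -1 = rejected. */
int parse_disc_attrs(const uint8_t *buf, size_t buflen, struct disc_attr *out)
{
    size_t off = 0;
    uint16_t claimed;
    int have_len = 0;

    memset(out, 0, sizeof(*out));
    while (off < buflen) {
        if (buflen - off < 2)
            return -1;                    /* truncated attribute header */
        uint8_t type = buf[off], len = buf[off + 1];
        const uint8_t *val = buf + off + 2;
        if (len > buflen - off - 2)
            return -1;                    /* value runs past the message */
        switch (type) {
        case ATTR_MESH_ID_LEN:
            if (len != 2)
                return -1;
            claimed = (uint16_t)(val[0] | (val[1] << 8));
            if (claimed > MESH_ID_MAX)    /* bound the user-supplied length */
                return -1;
            out->mesh_id_len = claimed;   /* stored only after validation */
            have_len = 1;
            break;
        case ATTR_MESH_ID:
            /* Copy only a validated length, and never more than was sent. */
            if (!have_len || out->mesh_id_len > len)
                return -1;
            memcpy(out->mesh_id, val, out->mesh_id_len);
            break;
        default:
            break;                        /* unknown attributes are skipped */
        }
        off += 2 + (size_t)len;
    }
    return 0;
}
```

Without the `claimed > MESH_ID_MAX` test, the `memcpy` length would be whatever the caller declared, which is the heap overwrite condition the summary describes.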

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
