Heap Overflow Vulnerability in Samsung Mobile Processors
CVE-2024-27375

6.7MEDIUM

Key Information:

Vendor: Samsung
Status: Exynos 980 Firmware
Vendor: CVE Published:; 5 June 2024

What is CVE-2024-27375?

A vulnerability has emerged in several models of Samsung's Exynos mobile processors, specifically in the slsi_nan_followup_get_nl_params() function. This vulnerability arises from inadequate input validation on the hal_req->sdea_service_specific_info_len parameter, which originates from userspace. As a result, this oversight can lead to a heap overwrite condition, potentially compromising the security of devices powered by these processors. Users are advised to be aware of this vulnerability and implement any available security updates to protect their devices.

References

https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2024