Heap Overwrite Vulnerability in Samsung Exynos Mobile Processors
CVE-2024-27376

6.7MEDIUM

Key Information:

Vendor: Samsung
Status: Exynos 980 Firmware
Vendor: CVE Published:; 5 June 2024

Summary

A vulnerability exists in Samsung's Exynos mobile processors, identified in the function slsi_nan_subscribe_get_nl_params(). This issue arises from insufficient input validation for the parameter hal_req->rx_match_filter_len, which is received from userspace. The absence of necessary validation can allow attackers to exploit this weakness, potentially leading to a heap overwrite, which may compromise system integrity and could lead to unauthorized access or unexpected behavior within the affected devices.

References

https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 5, 2024