Heap Overwrite Vulnerability in Samsung Exynos Mobile Processors
CVE-2024-27376

7.8HIGH

Key Information:

Vendor: Samsung
Status: Exynos 980 Firmware
Vendor: CVE Published:; 5 June 2024

What is CVE-2024-27376?

A vulnerability exists in Samsung's Exynos mobile processors, identified in the function slsi_nan_subscribe_get_nl_params(). This issue arises from insufficient input validation for the parameter hal_req->rx_match_filter_len, which is received from userspace. The absence of necessary validation can allow attackers to exploit this weakness, potentially leading to a heap overwrite, which may compromise system integrity and could lead to unauthorized access or unexpected behavior within the affected devices.

References

https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2024