Heap Over-Read Vulnerability in Samsung Mobile Processors
CVE-2024-27378

6 MEDIUM

Key Information:

Vendor
Samsung
CVE Published:
5 June 2024

Summary

Multiple Samsung Mobile Processors (Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330) are affected by inadequate input validation in the slsi_send_action_frame_cert() function. The missing validation allows a heap over-read, which may expose sensitive information and enable further exploitation by malicious actors. Mitigating this issue requires proper input validation to secure the affected processors against unauthorized access and attacks.

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published
