Heap Overwrite Vulnerability in Samsung Mobile Processors
CVE-2024-27379
7.8HIGH
What is CVE-2024-27379?
A vulnerability exists in Samsung's Mobile Processor series, specifically affecting the Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330 models. This vulnerability arises from a failure to perform input validation checks on the hal_req->num_intf_addr_present parameter sourced from userspace within the function slsi_nan_subscribe_get_nl_params(). Without appropriate validation, this flaw can be exploited to facilitate a heap overwrite, potentially allowing an attacker to manipulate memory and execute arbitrary code, thereby compromising the affected device's security.