Heap Over-read Vulnerability in Samsung Mobile Processors
CVE-2024-27382

7.1 HIGH

Key Information:

Vendor: Samsung
CVE Published: 5 June 2024

Summary

A vulnerability has been identified in select Samsung Mobile Processors where the function slsi_send_action_frame() lacks proper input validation for data received from user space. This oversight can result in a heap over-read, potentially allowing malicious entities to exploit the flaw and access sensitive information or disrupt service. The impacted processors include the Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Immediate scrutiny and protective measures are recommended to safeguard systems utilizing these processors.

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
