Use-After-Free Vulnerability in Samsung Mobile and Wearable Processors
CVE-2024-32502

8.4 HIGH

Key Information:

Vendor: Samsung
CVE Published: 7 June 2024

What is CVE-2024-32502?

A vulnerability has been identified in Samsung's Exynos mobile and wearable processors, affecting the Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, and Exynos W930. It arises from a lack of proper reference count checking, which leads to a Use-After-Free condition. An attacker who can exploit the freed memory may cause unexpected behavior, data corruption, or other security breaches on devices that use these processors. Users of affected devices are encouraged to stay informed about updates and mitigations from the vendor to ensure their systems remain secure.

CVSS V3.1

Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
