Use-After-Free Vulnerability in Samsung Exynos Mobile and Wearable Processors
CVE-2024-32503

7.8HIGH

Key Information:

Vendor: Samsung
Status: Exynos 850 Firmware
Vendor: CVE Published:; 7 June 2024

Summary

A vulnerability has been identified in Samsung's Exynos mobile and wearable processors, stemming from inadequate memory deallocation checking. This flaw could lead to a Use-After-Free (UAF) scenario, potentially allowing attackers to exploit the system and execute arbitrary code or cause unintended behavior. The affected models include Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, and Exynos W930. Users and developers are advised to explore available mitigations and security recommendations.

References

https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 7, 2024