Out-of-Bounds Write Vulnerability in Samsung Exynos Mobile and Wearable Processors
CVE-2024-32504

7.8HIGH

Key Information:

Vendor: Samsung
Status: Exynos 850 Firmware
Vendor: CVE Published:; 13 June 2024

Summary

A vulnerability has been identified in several Samsung Exynos mobile and wearable processors, specifically regarding inadequate length checking during processing. This flaw may permit an Out-of-Bounds Write scenario, potentially leading to unauthorized access or manipulation of memory, which can compromise device integrity and user data security. Products affected include the Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, and Exynos W930. Mitigation steps are currently under review, and users are encouraged to stay updated through Samsung's official product security updates.

References

https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2024
Vulnerability Reserved
Apr 15, 2024