Out-of-Bounds Write Vulnerability in Samsung Exynos Mobile and Wearable Processors
CVE-2024-39890
8.1HIGH
Summary
A vulnerability has been identified in Samsung's Exynos mobile and wearable processors, affecting a range of models including the Exynos 9820, 9825, 980, and several others. This vulnerability is associated with the baseband software, which fails to properly validate the length specified by Call Control (CC), potentially resulting in an out-of-bounds write condition. Exploitation of this vulnerability could allow unauthorized access to system memory, presenting significant risks for user data integrity and device functionality. Mitigation steps should be taken promptly by affected users to secure their devices.
References
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved