PT-2025-9988 · Samsung · Exynos 1380+9

Published 2025-03-06 · Updated 2025-03-07 · CVE-2024-50600

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Samsung Mobile Processor and Wearable Processor Exynos versions 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000

Description

The issue is related to a lack of boundary check in the STOP KEEP ALIVE OFFLOAD function, which can lead to out-of-bounds access. An attacker can exploit this by sending a malformed message to the target through the Wi-Fi driver.

Recommendations

For Exynos 980, update the Wi-Fi driver to include boundary checks for the STOP KEEP ALIVE OFFLOAD function. For Exynos 850, modify the STOP KEEP ALIVE OFFLOAD function to prevent out-of-bounds access. For Exynos 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000, restrict access to the Wi-Fi driver until a patch is available that includes boundary checks for the STOP KEEP ALIVE OFFLOAD function.
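
The boundary checks recommended above, sketched as an added example; this is not Samsung's driver code. It assumes a hypothetical two-byte stop request whose first byte selects a slot in a fixed-size session table, and every name, size and status code in it is constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout: names and sizes are assumptions, not the Exynos driver's. */
#define KA_MAX_SESSIONS 4   /* slots in the keep-alive offload table */
#define KA_STOP_REQ_LEN 2   /* byte 0 = session index, byte 1 = reserved */

enum ka_status { KA_OK = 0, KA_ERR_LENGTH = -1, KA_ERR_RANGE = -2, KA_ERR_STATE = -3 };

struct ka_session { uint8_t active; uint32_t period_ms; };
static struct ka_session ka_table[KA_MAX_SESSIONS];

/* Trusted local path that arms a slot; the index is still range-checked. */
int ka_start_offload(uint8_t id, uint32_t period_ms)
{
    if (id >= KA_MAX_SESSIONS)
        return KA_ERR_RANGE;
    ka_table[id].active = 1;
    ka_table[id].period_ms = period_ms;
    return KA_OK;
}

/* Handle a stop request that arrives as untrusted bytes. */
int ka_stop_offload(const uint8_t *msg, size_t len)
{
    /* 1. Validate the message length before reading any field. */
    if (msg == NULL || len != KA_STOP_REQ_LEN)
        return KA_ERR_LENGTH;

    uint8_t id = msg[0];

    /* 2. Bounds check: without it, ka_table[id] is an out-of-bounds
     *    access for any id >= KA_MAX_SESSIONS. */
    if (id >= KA_MAX_SESSIONS)
        return KA_ERR_RANGE;

    /* 3. Reject stops for slots that were never started. */
    if (!ka_table[id].active)
        return KA_ERR_STATE;

    memset(&ka_table[id], 0, sizeof(ka_table[id]));
    return KA_OK;
}

int main(void)
{
    const uint8_t bad[KA_STOP_REQ_LEN] = { 200, 0 };   /* constructed malformed request */
    printf("malformed stop -> %d\n", ka_stop_offload(bad, sizeof(bad)));
    return 0;
}
```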

Fix

Out of bounds Read

Weakness Enumeration

Related identifiers

CVE-2024-50600

Affected products

Exynos 1080
Exynos 1280
Exynos 1330
Exynos 1380
Exynos 1480
Exynos 850
Exynos 980
Exynos W1000
Exynos W920
Exynos W930