PT-2024-21853 · Samsung · Exynos W920+8
Jiayy
·
Published
2024-09-09
·
Updated
2024-09-20
·
CVE-2024-27365
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Samsung Mobile Processor Exynos versions Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930
Description
An issue was discovered in the function
slsi rx blockack ind(), where there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.Recommendations
For Samsung Mobile Processor Exynos versions Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930, consider disabling the
slsi rx blockack ind() function until a patch is available to prevent potential heap over-read.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Exynos 1080
Exynos 1280
Exynos 1330
Exynos 1380
Exynos 1480
Exynos 850
Exynos 980
Exynos W920
Exynos W930