CVE-2024-27366

Name of the Vulnerable Software and Affected Versions Samsung Mobile Processor, Wearable Processor Exynos versions Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930

Description An issue was discovered in the function slsi rx scan done ind(), where there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.

Recommendations For Samsung Mobile Processor, Wearable Processor Exynos versions Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930, consider disabling the slsi rx scan done ind() function until a patch is available. Restrict access to the affected function to minimize the risk of exploitation. Avoid using lengths coming from userspace in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.