CVE-2024-27373

Name of the Vulnerable Software and Affected Versions Samsung Mobile Processor Exynos 980 Samsung Mobile Processor Exynos 850 Samsung Mobile Processor Exynos 1280 Samsung Mobile Processor Exynos 1380 Samsung Mobile Processor Exynos 1330

Description An issue was discovered in the function slsi nan config get nl params(), where there is no input validation check on disc attr->mesh id len coming from userspace, which can lead to a heap overwrite.

Recommendations For Samsung Mobile Processor Exynos 980, update to a version that includes a fix for the issue in the slsi nan config get nl params() function. For Samsung Mobile Processor Exynos 850, update to a version that includes a fix for the issue in the slsi nan config get nl params() function. For Samsung Mobile Processor Exynos 1280, update to a version that includes a fix for the issue in the slsi nan config get nl params() function. For Samsung Mobile Processor Exynos 1380, update to a version that includes a fix for the issue in the slsi nan config get nl params() function. For Samsung Mobile Processor Exynos 1330, update to a version that includes a fix for the issue in the slsi nan config get nl params() function. As a temporary workaround, consider disabling the slsi nan config get nl params() function until a patch is available.