PT-2024-21862 · Samsung · Exynos 1380+4
Published
2024-06-05
·
Updated
2024-08-21
·
CVE-2024-27375
CVSS v3.1
6.7
Medium
| Vector | AC:L/AV:L/A:H/C:H/I:H/PR:H/S:U/UI:N |
Name of the Vulnerable Software and Affected Versions
Samsung Mobile Processor Exynos 980
Samsung Mobile Processor Exynos 850
Samsung Mobile Processor Exynos 1280
Samsung Mobile Processor Exynos 1380
Samsung Mobile Processor Exynos 1330
Description
An issue was discovered in the function
slsi nan followup get nl params(), where there is no input validation check on hal req->sdea service specific info len coming from userspace, which can lead to a heap overwrite.Recommendations
For Samsung Mobile Processor Exynos 980, ensure you patch up to prevent a heap overwrite.
For Samsung Mobile Processor Exynos 850, ensure you patch up to prevent a heap overwrite.
For Samsung Mobile Processor Exynos 1280, ensure you patch up to prevent a heap overwrite.
For Samsung Mobile Processor Exynos 1380, ensure you patch up to prevent a heap overwrite.
For Samsung Mobile Processor Exynos 1330, ensure you patch up to prevent a heap overwrite.
As a temporary workaround, consider disabling the
slsi nan followup get nl params() function until a patch is available.Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Exynos 1280
Exynos 1330
Exynos 1380
Exynos 850
Exynos 980