CVE-2024-27379

Name of the Vulnerable Software and Affected Versions Samsung Mobile Processor Exynos versions 980, 850, 1280, 1380, and 1330

Description An issue was discovered in the function slsi nan subscribe get nl params(), where there is no input validation check on hal req->num intf addr present coming from userspace, which can lead to a heap overwrite.

Recommendations For Samsung Mobile Processor Exynos versions 980, 850, 1280, 1380, and 1330, consider disabling the slsi nan subscribe get nl params() function until a patch is available to prevent potential heap overwrite attacks. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the hal req->num intf addr present variable in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.