PT-2024-21868 · Samsung · Exynos

Published

2024-06-05

Updated

2024-06-27

CVE-2024-27380

CVSS v3.1

6.0

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Samsung Mobile Processor Exynos versions 980, 850, 1280, 1380, and 1330

Description An issue was discovered in the function slsi set delayed wakeup type(), where there is no input validation check on the length of ioctl args->args[i] coming from userspace, which can lead to a heap over-read.

Recommendations For Samsung Mobile Processor Exynos versions 980, 850, 1280, 1380, and 1330, consider disabling the slsi set delayed wakeup type() function until a patch is available to prevent potential heap over-read exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2024-27380

Affected Products

Exynos

PT-2024-21868 · Samsung · Exynos

CVE-2024-27380

Weakness Enumeration

Related Identifiers

Affected Products

References · 6