CVE-2024-27381

Name of the Vulnerable Software and Affected Versions Samsung Mobile Processor Exynos 980 Samsung Mobile Processor Exynos 850 Samsung Mobile Processor Exynos 1280 Samsung Mobile Processor Exynos 1380 Samsung Mobile Processor Exynos 1330

Description An issue was discovered in the function slsi send action frame ut(), where there is no input validation check on len coming from userspace, which can lead to a heap over-read.

Recommendations For Samsung Mobile Processor Exynos 980, consider disabling the slsi send action frame ut() function until a patch is available. For Samsung Mobile Processor Exynos 850, restrict access to the vulnerable function slsi send action frame ut() to minimize the risk of exploitation. For Samsung Mobile Processor Exynos 1280, avoid using the len variable in the affected function until the issue is resolved. For Samsung Mobile Processor Exynos 1380, as a temporary workaround, consider restricting the input from userspace to prevent the heap over-read. For Samsung Mobile Processor Exynos 1330, at the moment, there is no information about a newer version that contains a fix for this vulnerability.