CVE-2024-28068

Name of the Vulnerable Software and Affected Versions Samsung Mobile Processor, Wearable Processor, and Modems versions Exynos 9820 through Exynos 2400 Samsung Mobile Processor, Wearable Processor, and Modems versions Exynos 9110, Exynos W920, Exynos W930 Samsung Mobile Processor, Wearable Processor, and Modems versions Exynos Modem 5123, Exynos Modem 5300

Description A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems that involves a NULL pointer dereference. This can cause abnormal termination of a mobile phone via a manipulated packet.

Recommendations For versions Exynos 9820 through Exynos 2400, update to a version that includes a fix for the NULL pointer dereference issue. For versions Exynos 9110, Exynos W920, Exynos W930, update to a version that includes a fix for the NULL pointer dereference issue. For versions Exynos Modem 5123, Exynos Modem 5300, update to a version that includes a fix for the NULL pointer dereference issue. As a temporary workaround, consider restricting the reception of manipulated packets to minimize the risk of exploitation.