PT-2025-21233 · Samsung · Samsung Modem

Published: 2025-05-14 · Updated: 2025-05-14 · CVE-2024-56427

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions:
Samsung Mobile Processor and Wearable Processor Exynos versions 980 through 9825
Samsung Mobile Processor and Wearable Processor Exynos versions 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110
Samsung Mobile Processor and Wearable Processor Exynos versions W920, W930, W1000
Samsung Modem versions 5123, 5300, 5400

Description: An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos, where the lack of a length check leads to out-of-bounds access via malformed RRC packets to the target.

Recommendations:
For Samsung Mobile Processor and Wearable Processor Exynos versions 980 through 9825, update to a version that includes a length check to prevent out-of-bounds access.
For Samsung Mobile Processor and Wearable Processor Exynos versions 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, restrict access to malformed RRC packets to minimize the risk of exploitation.
For Samsung Mobile Processor and Wearable Processor Exynos versions W920, W930, W1000, consider disabling the processing of RRC packets until a patch is available.
For Samsung Modem versions 5123, 5300, 5400, avoid using the vulnerable modem functionality until the issue is resolved.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers: CVE-2024-56427

Affected Products: Exynos, Samsung Modem