PT-2025-2752 · Samsung · Exynos 990+6

Chao Ma · Published 2025-01-13 · Updated 2025-01-14 · CVE-2024-46920

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Samsung Mobile Processor Exynos versions 980 through 9825
Samsung Mobile Processor Exynos versions 990
Samsung Mobile Processor Exynos versions 850
Samsung Mobile Processor Exynos versions 1080
Samsung Mobile Processor Exynos versions 2100
Samsung Mobile Processor Exynos versions 1280
Description: An issue was discovered in Samsung Mobile Processor Exynos. The lack of a length check leads to a stack out-of-bounds write at loadInputBuffers.
Recommendations: For Samsung Mobile Processor Exynos versions 980 through 9825, consider disabling the loadInputBuffers function until a patch is available. For Samsung Mobile Processor Exynos version 990, restrict access to the vulnerable module to minimize the risk of exploitation. For Samsung Mobile Processor Exynos version 850, avoid using the vulnerable parameter in the affected API endpoint until the issue is resolved. For Samsung Mobile Processor Exynos versions 1080, 2100, and 1280, as a temporary workaround, consider restricting the use of the vulnerable component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2024-46920

Affected Products

Exynos 1080
Exynos 1280
Exynos 2100
Exynos 850
Exynos 980
Exynos 9825
Exynos 990