PT-2025-9988 · Samsung · Exynos 1380+9
Published
2025-03-06
·
Updated
2025-03-07
·
CVE-2024-50600
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Samsung Mobile Processor and Wearable Processor Exynos versions 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000
Description
The issue is related to a lack of boundary check in the STOP KEEP ALIVE OFFLOAD function, which can lead to out-of-bounds access. An attacker can exploit this by sending a malformed message to the target through the Wi-Fi driver.
Recommendations
For Exynos 980, update the Wi-Fi driver to include boundary checks for the STOP KEEP ALIVE OFFLOAD function.
For Exynos 850, modify the STOP KEEP ALIVE OFFLOAD function to prevent out-of-bounds access.
For Exynos 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000, restrict access to the Wi-Fi driver until a patch is available that includes boundary checks for the STOP KEEP ALIVE OFFLOAD function.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Exynos 1080
Exynos 1280
Exynos 1330
Exynos 1380
Exynos 1480
Exynos 850
Exynos 980
Exynos W1000
Exynos W920
Exynos W930