Vulnerabilities > CVE-2024-27379 - Out-of-bounds Write vulnerability in Samsung products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

samsung

CWE-787

NVD

Published: 2024-06-05

Updated: 2024-06-27

Summary

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_subscribe_get_nl_params(), there is no input validation check on hal_req->num_intf_addr_present coming from userspace, which can lead to a heap overwrite.

Vulnerable Configurations

Part	Description	Count
OS	Samsung Samsung Exynos 980 Firmware - Samsung Exynos 850 Firmware - Samsung Exynos 1280 Firmware - Samsung Exynos 1380 Firmware - Samsung Exynos 1330 Firmware -	5
Hardware	Samsung Samsung Exynos 980 - Samsung Exynos 850 - Samsung Exynos 1280 - Samsung Exynos 1380 - Samsung Exynos 1330 -	5

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://semiconductor.samsung.com/support/quality-support/product-security-updates/