Vulnerabilities > CVE-2024-27383 - Out-of-bounds Write vulnerability in Samsung products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

samsung

CWE-787

NVD

Published: 2024-09-09

Updated: 2024-09-11

Summary

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_get_scan_extra_ies(), there is no input validation check on default_ies coming from userspace, which can lead to a heap overwrite.

Vulnerable Configurations

Part	Description	Count
OS	Samsung Samsung Exynos 980 Firmware - Samsung Exynos 850 Firmware - Samsung Exynos 1080 Firmware - Samsung Exynos 1280 Firmware - Samsung Exynos 1330 Firmware - Samsung Exynos 1380 Firmware - Samsung Exynos 1480 Firmware - Samsung Exynos W920 Firmware - Samsung Exynos W930 Firmware -	9
Hardware	Samsung Samsung Exynos 980 - Samsung Exynos 850 - Samsung Exynos 1080 - Samsung Exynos 1280 - Samsung Exynos 1330 - Samsung Exynos 1380 - Samsung Exynos 1480 - Samsung Exynos W920 - Samsung Exynos W930 -	9

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://semiconductor.samsung.com/support/quality-support/product-security-updates/