Vulnerabilities > CVE-2024-31957 - Improper Validation of Specified Quantity in Input vulnerability in Samsung Exynos 2200 Firmware and Exynos 2400 Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

samsung

CWE-1284

NVD

Published: 2024-07-09

Updated: 2024-07-12

Summary

A vulnerability was discovered in Samsung Mobile Processors Exynos 2200 and Exynos 2400 where they lack a check for the validation of native handles, which can result in a DoS(Denial of Service) attack by unmapping an invalid length.

Vulnerable Configurations

Part	Description	Count
OS	Samsung Samsung Exynos 2200 Firmware - Samsung Exynos 2400 Firmware -	2
Hardware	Samsung Samsung Exynos 2200 - Samsung Exynos 2400 -	2

Common Weakness Enumeration (CWE)

CWE-1284 - Improper Validation of Specified Quantity in Input

References

https://semiconductor.samsung.com/support/quality-support/product-security-updates/
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-31957/