7.5

CVE-2023-37368

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the Shannon MM Task, Missing validation of a NULL pointer can cause abnormal termination via a malformed NR MM packet.

Data is provided by the National Vulnerability Database (NVD)
SamsungExynos 9810 Firmware Version-
   SamsungExynos 9810 Version-
SamsungExynos 9610 Firmware Version-
   SamsungExynos 9610 Version-
SamsungExynos 9820 Firmware Version-
   SamsungExynos 9820 Version-
SamsungExynos 980 Firmware Version-
   SamsungExynos 980 Version-
SamsungExynos 850 Firmware Version-
   SamsungExynos 850 Version-
SamsungExynos 1080 Firmware Version-
   SamsungExynos 1080 Version-
SamsungExynos 2100 Firmware Version-
   SamsungExynos 2100 Version-
SamsungExynos 2200 Firmware Version-
   SamsungExynos 2200 Version-
SamsungExynos 1280 Firmware Version-
   SamsungExynos 1280 Version-
SamsungExynos 1380 Firmware Version-
   SamsungExynos 1380 Version-
SamsungExynos 1330 Firmware Version-
   SamsungExynos 1330 Version-
SamsungExynos 9110 Firmware Version-
   SamsungExynos 9110 Version-
SamsungExynos W920 Firmware Version-
   SamsungExynos W920 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.14% 0.346
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cve@mitre.org 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.