5.5

CVE-2024-27366

An issue was discovered in Samsung Mobile Processor, Wearable Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_scan_done_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SamsungExynos 980 Firmware Version-
   SamsungExynos 980 Version-
SamsungExynos 850 Firmware Version-
   SamsungExynos 850 Version-
SamsungExynos 1080 Firmware Version-
   SamsungExynos 1080 Version-
SamsungExynos 1280 Firmware Version-
   SamsungExynos 1280 Version-
SamsungExynos 1380 Firmware Version-
   SamsungExynos 1380 Version-
SamsungExynos 1330 Firmware Version-
   SamsungExynos 1330 Version-
SamsungExynos 1480 Firmware Version-
   SamsungExynos 1480 Version-
SamsungExynos W920 Firmware Version-
   SamsungExynos W920 Version-
SamsungExynos W930 Firmware Version-
   SamsungExynos W930 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.052
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cve@mitre.org 4.4 0.8 3.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.