CVE-2024-27378

EPSS 0.04%
Published 05.06.2024 19:15:14
Last modified 13.03.2025 15:15:41
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame_cert(), there is no input validation check on len coming from userspace, which can lead to a heap over-read.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Samsung ≫ Exynos 980 Firmware Version-

Samsung ≫ Exynos 980 Version-

Samsung ≫ Exynos 850 Firmware Version-

Samsung ≫ Exynos 850 Version-

Samsung ≫ Exynos 1280 Firmware Version-

Samsung ≫ Exynos 1280 Version-

Samsung ≫ Exynos 1380 Firmware Version-

Samsung ≫ Exynos 1380 Version-

Samsung ≫ Exynos 1330 Firmware Version-

Samsung ≫ Exynos 1330 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.11

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
cve@mitre.org	6	0.8	5.2	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://semiconductor.samsung.com/support/quality-support/product-security-updates/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-27378

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-27378

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-27378

EUVD