6
CVE-2024-27380
- EPSS 0.05%
- Published 05.06.2024 19:15:14
- Last modified 20.03.2025 21:15:20
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_set_delayed_wakeup_type(), there is no input validation check on a length of ioctl_args->args[i] coming from userspace, which can lead to a heap over-read.
Data is provided by the National Vulnerability Database (NVD)
Samsung ≫ Exynos 980 Firmware Version-
Samsung ≫ Exynos 850 Firmware Version-
Samsung ≫ Exynos 1280 Firmware Version-
Samsung ≫ Exynos 1380 Firmware Version-
Samsung ≫ Exynos 1330 Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.135 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6 | 0.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
|
| cve@mitre.org | 6 | 0.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.