6

CVE-2024-27381

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame_ut(), there is no input validation check on len coming from userspace, which can lead to a heap over-read.

Data is provided by the National Vulnerability Database (NVD)
SamsungExynos 980 Firmware Version-
   SamsungExynos 980 Version-
SamsungExynos 850 Firmware Version-
   SamsungExynos 850 Version-
SamsungExynos 1280 Firmware Version-
   SamsungExynos 1280 Version-
SamsungExynos 1380 Firmware Version-
   SamsungExynos 1380 Version-
SamsungExynos 1330 Firmware Version-
   SamsungExynos 1330 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.05% 0.135
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6 0.8 5.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
cve@mitre.org 6 0.8 5.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.