Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2024-27365

Disclosure Date: September 09, 2024
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An issue was discovered in Samsung Mobile Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_blockack_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
5.5 Medium
Impact Score:
3.6
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None

General Information

Vendors

  • samsung

Products

  • exynos 1080 firmware -,
  • exynos 1280 firmware -,
  • exynos 1330 firmware -,
  • exynos 1380 firmware -,
  • exynos 1480 firmware -,
  • exynos 850 firmware -,
  • exynos 980 firmware -,
  • exynos w920 firmware -,
  • exynos w930 firmware -

Additional Info

Technical Analysis