Samsung Exynos CPU Heap Overwrite via slsi_nan_config_get_nl_params
CVE-2024-27372 Published on June 5, 2024

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on disc_attr->infrastructure_ssid_len coming from userspace, which can lead to a heap overwrite.

NVD

Vulnerability Analysis

CVE-2024-27372 is exploitable with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Products Associated with CVE-2024-27372

Want to know whenever a new CVE is published for Samsung Exynos? stack.watch will email you.

Samsung Exynos

Exploit Probability

EPSS

0.06%

Percentile

17.24%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Samsung Exynos CPU Heap Overwrite via slsi_nan_config_get_nl_paramsCVE-2024-27372 Published on June 5, 2024

Vulnerability Analysis

Weakness Type

Heap-based Buffer Overflow

Products Associated with CVE-2024-27372

Exploit Probability

Samsung Exynos CPU Heap Overwrite via slsi_nan_config_get_nl_params
CVE-2024-27372 Published on June 5, 2024