Samsung Exynos Heap Overwrite via Unchecked tag_len in slsi_handle
CVE-2024-27386 Published on July 9, 2024

A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for tx coming from userspace, which can lead to heap overwrite.

NVD

Vulnerability Analysis

CVE-2024-27386 is exploitable with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Products Associated with CVE-2024-27386

Want to know whenever a new CVE is published for Samsung Exynos? stack.watch will email you.

Samsung Exynos

Exploit Probability

EPSS

0.11%

Percentile

29.05%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Samsung Exynos Heap Overwrite via Unchecked tag_len in slsi_handleCVE-2024-27386 Published on July 9, 2024

Vulnerability Analysis

Weakness Type

Improper Input Validation

Products Associated with CVE-2024-27386

Exploit Probability

Samsung Exynos Heap Overwrite via Unchecked tag_len in slsi_handle
CVE-2024-27386 Published on July 9, 2024