Vulnerability Details CVE-2017-18020
On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.2%
CVSS Severity
CVSS v3 Score 8.4
CVSS v2 Score 7.2
References
Products affected by CVE-2017-18020
-
cpe:2.3:o:samsung:samsung_mobile:5.0
-
cpe:2.3:o:samsung:samsung_mobile:5.1
-
cpe:2.3:o:samsung:samsung_mobile:5.1.1
-
cpe:2.3:o:samsung:samsung_mobile:6.0
-
cpe:2.3:o:samsung:samsung_mobile:6.0.1
-
cpe:2.3:o:samsung:samsung_mobile:7.0
-
cpe:2.3:o:samsung:samsung_mobile:7.1
-
cpe:2.3:o:samsung:samsung_mobile:7.1.1
-
cpe:2.3:o:samsung:samsung_mobile:7.1.2