Vulnerability Details CVE-2024-27385
A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for rx coming from userspace, which can lead to heap overwrite.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.7%
CVSS Severity
CVSS v3 Score 6.7
References
- https://semiconductor.samsung.com/support/quality-support/product-security-updates/
- https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27385/
- https://semiconductor.samsung.com/support/quality-support/product-security-updates/
- https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27385/
Products affected by CVE-2024-27385
-
cpe:2.3:h:samsung:exynos_1380:-
-
cpe:2.3:h:samsung:exynos_1480:-
-
cpe:2.3:o:samsung:exynos_1380_firmware:-
-
cpe:2.3:o:samsung:exynos_1480_firmware:-