CVE-2024-27385

Опубликовано: 09 июл. 2024

Источник: nvd

CVSS3: 6.7

EPSS Низкий

Описание

A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for rx coming from userspace, which can lead to heap overwrite.

Ссылки

https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Vendor Advisory
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27385/
Vendor Advisory
https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Vendor Advisory
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27385/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:samsung:exynos_1480_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_1480:-:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.00107

Низкий

6.7 Medium

CVSS3

Дефекты

CWE-20

Связанные уязвимости

GHSA-8pww-5m28-7rgc