CVE-2024-27378
05.06.2024, 19:15
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame_cert(), there is no input validation check on len coming from userspace, which can lead to a heap over-read.Enginsight
| Vendor | Product | Version |
|---|---|---|
| samsung | exynos_980_firmware | - |
| samsung | exynos_850_firmware | - |
| samsung | exynos_1280_firmware | - |
| samsung | exynos_1380_firmware | - |
| samsung | exynos_1330_firmware | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-125 - Out-of-bounds ReadThe software reads data past the end, or before the beginning, of the intended buffer.
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.