Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-27366

An issue was discovered in Samsung Mobile Processor, Wearable Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_scan_done_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.

Published

2024-09-09T20:15:04.100

Last Modified

2025-03-25T16:15:19.390

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.4 (MEDIUM)

Weaknesses

Type: Primary
CWE-125
Type: Secondary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	samsung	exynos_980_firmware	-	Yes
Hardware	samsung	exynos_980	-	No
Operating System	samsung	exynos_850_firmware	-	Yes
Hardware	samsung	exynos_850	-	No
Operating System	samsung	exynos_1080_firmware	-	Yes
Hardware	samsung	exynos_1080	-	No
Operating System	samsung	exynos_1280_firmware	-	Yes
Hardware	samsung	exynos_1280	-	No
Operating System	samsung	exynos_1380_firmware	-	Yes
Hardware	samsung	exynos_1380	-	No
Operating System	samsung	exynos_1330_firmware	-	Yes
Hardware	samsung	exynos_1330	-	No
Operating System	samsung	exynos_1480_firmware	-	Yes
Hardware	samsung	exynos_1480	-	No
Operating System	samsung	exynos_w920_firmware	-	Yes
Hardware	samsung	exynos_w920	-	No
Operating System	samsung	exynos_w930_firmware	-	Yes
Hardware	samsung	exynos_w930	-	No

References

https://semiconductor.samsung.com/support/quality-support/product-security-updates/ Vendor Advisory ([email protected])
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27366/ Vendor Advisory ([email protected])