CVE-2024-27377 | THREATINT

Description

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_get_security_info_nl(), there is no input validation check on sec_info->key_info.body.pmk_info.pmk_len coming from userspace, which can lead to a heap overwrite.

PUBLISHED Reserved 2024-02-25 | Published 2024-06-05 | Updated 2025-03-28 | Assigner mitre

MEDIUM: 6.7CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:H/S:U/UI:N

References

semiconductor.samsung.com/...pport/product-security-updates/

cve.org (CVE-2024-27377)

nvd.nist.gov (CVE-2024-27377)

Download JSON

help @ threatint.eu