CVE-2024-27371
CVE-2024-27371
In short
A Samsung processor vulnerability fails to validate user input size, allowing attackers to overwrite memory on the device heap. This can crash the system or potentially execute malicious code.
Technical detail
The slsi_nan_followup_get_nl_params() function in Samsung Exynos processors lacks bounds checking on hal_req->service_specific_info_len from userspace, enabling heap buffer overflow. An unprivileged application with network service access can trigger heap memory corruption, potentially leading to information disclosure or code execution.
Summary generated and translated by AI from the official description.
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->service_specific_info_len coming from userspace, which can lead to a heap overwrite.
CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:H/S:U/UI:N
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →