Risk | High |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2024-39343 CVE-2024-45183 CVE-2024-39890 |
CWE-ID | CWE-20 CWE-787 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Exynos 9820 Mobile applications / Mobile firmware & hardware Exynos 9825 Mobile applications / Mobile firmware & hardware Exynos 990 Mobile applications / Mobile firmware & hardware Exynos 980 Hardware solutions / Firmware Exynos 850 Hardware solutions / Firmware Exynos 2100 Hardware solutions / Firmware Exynos 1280 Hardware solutions / Firmware Exynos 1330 Hardware solutions / Firmware Exynos 1380 Hardware solutions / Firmware Exynos 1480 Hardware solutions / Firmware Exynos 2400 Hardware solutions / Firmware Exynos 9110 Hardware solutions / Firmware Exynos W920 Hardware solutions / Firmware Exynos W930 Hardware solutions / Firmware Exynos W1000 Hardware solutions / Firmware Exynos Modem 5123 Hardware solutions / Firmware Exynos Modem 5300 Hardware solutions / Firmware Exynos 2200 Hardware solutions / Firmware Exynos 1080 Hardware solutions / Firmware |
Vendor | Samsung |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU101070
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39343
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the baseband software does not properly check length specified by the Mobility Management module. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsExynos 9820: All versions
Exynos 9825: All versions
Exynos 980: All versions
Exynos 990: All versions
Exynos 850: All versions
Exynos 2100: All versions
Exynos 1280: All versions
Exynos 1330: All versions
Exynos 1380: All versions
Exynos 1480: All versions
Exynos 2400: All versions
Exynos 9110: All versions
Exynos W920: All versions
Exynos W930: All versions
Exynos W1000: All versions
Exynos Modem 5123: All versions
Exynos Modem 5300: All versions
Exynos 2200: All versions
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101078
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45183
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsExynos 2100: All versions
Exynos 1280: All versions
Exynos 2200: All versions
Exynos 1330: All versions
Exynos 1380: All versions
Exynos 1480: All versions
Exynos 2400: All versions
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101072
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39890
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the baseband software within the CC (Call Control). A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsExynos 9820: All versions
Exynos 9825: All versions
Exynos 980: All versions
Exynos 990: All versions
Exynos 850: All versions
Exynos 1080: All versions
Exynos 2100: All versions
Exynos 1280: All versions
Exynos 2200: All versions
Exynos 1330: All versions
Exynos 1380: All versions
Exynos 1480: All versions
Exynos 2400: All versions
Exynos 9110: All versions
Exynos W920: All versions
Exynos W930: All versions
Exynos W1000: All versions
Exynos Modem 5123: All versions
Exynos Modem 5300: All versions
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.