Heap-based buffer overflow in Samsung products - CVE-2024-27387
Published: September 2, 2024
Vulnerability identifier: #VU96678
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-27387
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Samsung
Affected software:
Exynos 980
Exynos 850
Exynos 1080
Exynos 1280
Exynos 1380
Exynos 1330
Exynos 1480
Exynos W920
Exynos W930
Exynos 980
Exynos 850
Exynos 1080
Exynos 1280
Exynos 1380
Exynos 1330
Exynos 1480
Exynos W920
Exynos W930
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a boundary error in the "slsi_rx_range_done_ind()" function. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and overwrite arbitrary files on the target system.
How to mitigate CVE-2024-27387
Install updates from vendor's website.